Cloudflare Selects ForAllSecure to Bring Increased Application Security to its DevOps Pipeline

Application Security

Advanced fuzz testing solution proactively ensures continuous and secure service to Cloudflare customers

ForAllSecure, Inc., a pioneer in automated application security, announced today that Cloudflare, a security, performance, and reliability company, has integrated ForAllSecure’s advanced fuzz testing solution, Mayhem, into its product development pipeline. The Cloudflare security and development teams invested in Mayhem as it provided a proactive approach to software security the DevSecOps lifecycle. Recognizing that software is ever-evolving and its attack surface expanding, Cloudflare required continuous security through advanced fuzz testing and selected Mayhem as the best option for their needs.

“There were two main factors that led us to choose Mayhem as our fuzz testing solution: it’s a common platform, making it easy to implement, and it runs autonomously,” said David Haynes, Cloudflare security engineer. “Developers can give Mayhem their app and it will autonomously start detecting bugs on its own — out of the box, no harnessing required. I can set it and forget it. Mayhem will reproduce issues on its own, helping developers quickly and easily fix issues. No other fuzzing platform does that right now.”

Building on advanced fuzzing techniques, Mayhem delivers powerful continuous security testing by combining fuzzing with the ingenuity of symbolic execution. Mayhem’s unique advantage is in its ability to acquire intelligence of its targets over time. As Mayhem’s knowledge grows, it deepens its analysis and maximizes its code coverage.

“Ease-of-use and our users’ productivity are top priorities for ForAllSecure. Our aim is to make this powerful technique accessible outside of the academic and security research community,” said Jeff Whalen, ForAllSecure’s Vice President of Product. “Mayhem integrates directly into development workflows, allowing users to continuously test applications with each code commit. With Mayhem, organizations can deliver true automatic security testing where security runs quietly and asynchronously in the background. Cloudflare is a visionary company that quickly grasped and realized the business and technical benefits of continuous testing with Mayhem.”

ForAllSecure recently announced a $45 million contract with the U.S. Department of Defense (DoD) to implement Mayhem across multiple organizations. Mayhem is currently being utilized by the Air Force 96th Cyberspace Test Group, the Air Force 90th Cyberspace Operations Squadron, the Naval Sea Systems Command (NAVSEA), the U.S. Army Command, Control, Communication, Computers, Cyber, Intelligence, Surveillance, and Reconnaissance Center (C5ISR), as well as multiple other organizations within the DoD.